Question

Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ______________ for conducting audits.

a) Timelines
b) Metrics
c) Checklists
d) Procedures

Answer 1

Cherilyn, a security consultant, recommends including procedures in the security policy for conducting audits, which provide a standardized approach to assessing the company's security measures.

Step-by-step explanation:

In answering the question: Cherilyn recommends that the security policy include audit categories and procedures for conducting audits. Cherilyn, a security consultant, recommends including procedures in the security policy for conducting audits, which provide a standardized approach to assessing the company's security measures.

Procedures provide a standardized method for conducting audits and ensure that the audits are comprehensive and consistent. They describe the steps for planning, executing, and reporting on the audits, ensuring that the security measures are effectively reviewed and assessed.

A checklist might be a part of the procedure, but it is the procedure itself that is essential to the security policy as it defines the methodology of the audit. Timelines and metrics are also important components, but they do not encompass the full scope of actions like procedures do.